Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Samuel Plantie


Published on

Blockchain And Data Protection: Which Opportunities, Which Limits?

Published in: Economy & Finance
  • Be the first to comment

  • Be the first to like this

Samuel Plantie

  1. 1. Introduction  Blockchain is a technology that can be used for a processing activity (recording and securing data, and authenticating transactions).  It is not a processing activity in itself: only a technology to store data.  Initially, blockchain has been designed to capture the least personal data as possible: anonymous way of authenticating a transaction without disclosing a party’s identity or using a trusted intermediary.  However, new blockchain uses are invented everyday and some involve the recording of personal data directly in the chain, raising data protection challenges. Gemserv 2
  2. 2. The different stakeholders in a blockchain  Readers: people who can access, read and obtain a copy of the chain (right to read)  Participants: people who can create a transaction and submit this transaction for approval to the miners (right to write)  Miners: people who can approve a transaction and add a block to the chain (in theory, are only involved on a technical perspective) Gemserv 3
  3. 3. Recording personal data in a blockchain: issues  Determining controllership and processing roles  Identifying the controller(s) and the processors  Rights of data subjects: access, rectification, erasure and automated decision  International transfers: blockchain is more susceptible to be spread across the world  Security: confidentiality, integrity, accessibility Gemserv 5
  4. 4. Controllership on a blockchain  The participants should be considered as the controllers, because they determine the purpose and the means of the processing  As long as a single miner does not contribute for more than 49% in the validation process, they should be considered as processor and not as controller  All participants should be considered as joint controllers if they do not organise differently with a contract Gemserv 6
  5. 5. Rights of data subjects  Blockchain may not be relevant for a processing activity, and Privacy by Design obligations require that a controller balances the benefits and disadvantages of the technology before its use  Right of access should not be an issue  Once a block is added to the chain, it cannot be altered or deleted: no right of rectification or erasure possible when personal data directly recorded in the chain  Right to object to an automated decision (smart contracts): the controller must implement mechanisms to allow an individual to obtain human intervention and contest a decision when a smart contract is performed Gemserv 7
  6. 6. Data minimisation and storage limitation  Participants’ and miners’ users details (their public key) are intrinsically part of the blockchain technology and cannot be further minimised  Do not record plain personal data in the chain: use a cryptographic hash of personal data sets stored off chain, or use encryption to store the data in the chain if a hash is not possible  Deleting the cryptographic key could be equivalent to deleting the data, because the data would no longer be accessible Gemserv 9
  7. 7. Security  Confidentiality: flaw in the governance or in the rights of the stakeholders on the chain  Integrity: attack on the chain to alter transactions, either by gaining a majority of miners or a security breach in the algorithm  Accessibility: a loss of encryption keys means permanent loss of access to the data Gemserv 10
  8. 8. Some positive impacts of blockchain  Expanding access to services: by automating the provision of services (smart contracts) or immediately identifying entitled individuals (social benefits)  Protecting vital records: cryptocurrency, smart power grid, sensitive information  Recording public transactions: land register, court decisions, companies register  Preventing human trafficking: digital identity to protect vulnerable persons, such as asylum seekers  Improving medical research and healthcare: tailorable sharing of medical data to health professionals Gemserv 12
  9. 9. Some adverse ethical impacts of blockchain  Permanent inscription of negative social impacts in an immutable database  Absence of public intervention could raise questions around regulation and the place of private actors  The reliance on private keys increases the risk of a loss of information  No encryption system is completely sure and can be attacked after a given period of time  Environmental impacts as substantial computational power is required Gemserv 13